GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,545 advisories
Forms generated by JQueryForm.com before 2022-02-05 (if file-upload capability is enabled) allow...
Critical | Unreviewed | CVE-2022-24984 was published on Feb 17, 2022

File upload leading to RCE in MCMS
Critical | CVE-2021-46036 was published for net.mingsoft:ms-mcms (Maven) on Feb 19, 2022

WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can...
High | Unreviewed | CVE-2022-23375 was published on Feb 20, 2022

Unrestricted Upload of File with Dangerous Type in showdoc
High | CVE-2022-0409 was published for showdoc/showdoc (Composer) on Feb 20, 2022

An issue was found in Zfaka <= 1.4.5. The verification of the background file upload function...
Critical | Unreviewed | CVE-2022-24553 was published on Feb 22, 2022

An Authenticated Remote Code Execution (RCE) vulnerability exists in Xerte through 3.9 in...
High | Unreviewed | CVE-2021-44664 was published on Feb 25, 2022

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged...
High | Unreviewed | CVE-2022-25360 was published on Feb 25, 2022

File upload restriction bypass in Zenario CMS
High | CVE-2022-23043 was published for tribalsystems/zenario (Composer) on Feb 25, 2022

A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install...
High | Unreviewed | CVE-2021-44967 was published on Feb 25, 2022

Unrestricted Upload of File with Dangerous Type in MODX Revolution
High | CVE-2022-26149 was published for modx/revolution (Composer) on Feb 27, 2022

CMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability...
High | Unreviewed | CVE-2022-23906 was published on Mar 2, 2022

A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsite CMS v180 allows...
Critical | Unreviewed | CVE-2022-25411 was published on Mar 2, 2022

Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload...
Critical | Unreviewed | CVE-2022-25016 was published on Mar 3, 2022

An unrestricted file upload vulnerability in the Backup/Restore Archive component of Extensis...
High | Unreviewed | CVE-2022-24254 was published on Mar 3, 2022

An unrestricted file upload vulnerability in the FileTransferServlet component of Extensis...
High | Unreviewed | CVE-2022-24252 was published on Mar 3, 2022

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload...
High | Unreviewed | CVE-2022-24253 was published on Mar 3, 2022

Extensis Portfolio v4.0 was discovered to contain an authenticated unrestricted file upload...
High | Unreviewed | CVE-2022-24251 was published on Mar 3, 2022

A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user...
High | Unreviewed | CVE-2022-25115 was published on Mar 4, 2022

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to...
High | Unreviewed | CVE-2022-0440 was published on Mar 8, 2022

The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files'...
High | Unreviewed | CVE-2021-24216 was published on Mar 8, 2022

The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress...
Moderate | Unreviewed | CVE-2021-24960 was published on Mar 8, 2022

Unrestricted Upload of File with Dangerous Type in Croogo
High | CVE-2021-44673 was published for croogo/croogo (Composer) on Mar 11, 2022

Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by...
High | Unreviewed | CVE-2022-26521 was published on Mar 11, 2022

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized...
Critical | Unreviewed | CVE-2022-24651 was published on Mar 11, 2022

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized...
Critical | Unreviewed | CVE-2022-24652 was published on Mar 11, 2022

ProTip! Advisories are also available from the GraphQL API.